CP-9(8): Cryptographic Protection

Control Family:

Contingency Planning

Parent Control:

CP-9: System Backup

CSF v1.1 References:

CSF v2.0 References:

Threats Addressed:


  • Moderate
  • High
Info icon.

Control is new to this version of the control set.

Control Statement

Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined backup information].

Supplemental Guidance

The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of backup information. The strength of mechanisms selected is commensurate with the security category or classification of the information. Cryptographic protection applies to system backup information in storage at both primary and alternate locations. Organizations that implement cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions.